解决办法:写一个filter进行拦截
package frameWork.common.core.filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
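/**
 * Servlet filter that applies two checks to each request it is mapped to: a Referer
 * allow-list check intended as a CSRF mitigation, and a login check for a configured
 * set of URL fragments.
 *
 * <p>The Referer check is only a partial CSRF defence. A request that carries no Referer
 * header is still let through, so that direct navigation keeps working. State-changing
 * endpoints should additionally be protected with a per-session anti-CSRF token.
 */
public class FilterHttpServlertRequest implements Filter {

    /** Page that rejected requests are redirected to. */
    private static final String INDEX_PAGE = "/webpage/index.jsp";

    /** Origins (scheme, host and optional port) whose pages may send requests to this application. */
    private static final String[] ALLOWED_ORIGINS = {
        "http://www.51huoniu.com",
        "http://51huoniu.com",
        "http://www.huoniu18.com",
        "http://localhost:8080",
        "http://121.41.112.100:8888"
    };

    // URL fragments that require a logged-in customer; filled from the filter's init parameters.
    private List<String> list = new ArrayList<String>();

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Redirects the request to the index page when its Referer is not on the allow-list, or
     * when it targets a protected URL without a logged-in customer; otherwise passes it on.
     *
     * @param arg0 the incoming request; cast to {@link HttpServletRequest}
     * @param arg1 the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException if the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        HttpSession session = request.getSession();
        String customerNo = (String) session.getAttribute("customerno");
        String url = request.getRequestURL().toString();

        // CSRF mitigation: a request that names a referring page must come from an allowed origin.
        String referer = request.getHeader("Referer");
        if (referer != null && !isAllowedReferer(referer.trim())) {
            response.sendRedirect(INDEX_PAGE);
            // Stop here: without this return the request would still reach the target
            // resource, so the redirect would not actually block anything.
            return;
        }

        // Login check: protected URLs need a customer number in the session.
        if (customerNo == null || "".equals(customerNo)) {
            for (String u : list) {
                // NOTE(review): this is a substring match on the raw request URL; matching on
                // the container-normalised servlet path would be stricter - confirm the intent.
                if (url.indexOf(u) > 0) {
                    response.sendRedirect(INDEX_PAGE);
                    // Return so the protected resource is not executed, and so a second
                    // matching entry cannot trigger another redirect on a committed response.
                    return;
                }
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Tells whether the Referer value belongs to one of the allowed origins.
     *
     * <p>A plain prefix test is not enough, because a different host name can begin with the
     * same characters as an allowed origin. The character following the origin must therefore
     * end the authority part of the URL: end of string, {@code '/'}, {@code '?'} or {@code '#'}.
     *
     * @param referer the trimmed Referer header value, never {@code null}
     * @return {@code true} when the value is an allowed origin, optionally followed by a
     *     path, query or fragment
     */
    private static boolean isAllowedReferer(String referer) {
        for (String origin : ALLOWED_ORIGINS) {
            if (!referer.startsWith(origin)) {
                continue;
            }
            if (referer.length() == origin.length()) {
                return true;
            }
            char next = referer.charAt(origin.length());
            if (next == '/' || next == '?' || next == '#') {
                return true;
            }
        }
        return false;
    }

    /**
     * Loads the protected URL fragments from the filter's init parameters.
     *
     * @param arg0 the filter configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        String[] names = {"smrz", "myPackage", "byDay", "byMonth", "myForce", "myFance"};
        for (String name : names) {
            String value = arg0.getInitParameter(name);
            // A parameter missing from the configuration comes back as null; storing it
            // would make the login check throw a NullPointerException on every request.
            if (value != null && !value.trim().isEmpty()) {
                list.add(value.trim());
            }
        }
    }
}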
<!--
  Registers FilterHttpServlertRequest under the filter name "jsp".
  Each init-param value is a URL fragment; the filter class reads these six
  parameters by name in init() and uses them as the list of URLs that require
  a logged-in customer. The param-name values must match the names read there.
-->
<filter>
<filter-name>jsp</filter-name>
<filter-class>frameWork.common.core.filter.FilterHttpServlertRequest</filter-class>
<init-param>
<param-name>byDay</param-name>
<param-value>/webpage/personalCenter/byDay</param-value>
</init-param>
<init-param>
<param-name>byMonth</param-name>
<param-value>/webpage/personalCenter/byMonth</param-value>
</init-param>
<init-param>
<param-name>myForce</param-name>
<param-value>/personalCenter/myGZ</param-value>
</init-param>
<init-param>
<param-name>myFance</param-name>
<param-value>/personalCenter/myFans</param-value>
</init-param>
<init-param>
<param-name>myPackage</param-name>
<param-value>/webpage/personalCenter/p_redpackage</param-value>
</init-param>
<init-param>
<param-name>smrz</param-name>
<param-value>/webpage/customerInfo/smrz</param-value>
</init-param>
</filter>
<!--
  The filter is applied to requests matching *.jsp and *.do. As far as this
  snippet shows, requests matching neither pattern do not pass through it, so
  neither the Referer check nor the login check runs for them.
-->
<filter-mapping>
<filter-name>jsp</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>jsp</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>jsp</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
转载于:https://blog.51cto.com/xuliangjun/1623632